Security Advisory

CVE-2026-22216

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-13 01:18:16

Last updated 2026-03-13 14:14:03

Assigner VulnCheck

State PUBLISHED

Description

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notification emails to victim accounts.

← Browse all CVEs View on cve.org ↗